General

  • Target: [V2] flashy exe.zip
  • Size: 4.9MB
  • Sample: 240930-avlh2syakq
  • MD5: 4a0516f321b41cbc8085e8a3f4317319
  • SHA1: 80247fd39f7a54e70c48d12b617a1e55f2acbdba
  • SHA256: 64fd7d96bb2c8755d617addf8196ab7665a92b749e8779632eebef17ec6051d1
  • SHA512: 0a5df8435af4dbf054c40baa5d1cd496dd832fe190af263d3be278b0a6b575ad051066954da1f120fec45a827a78987f27dcc7c2c9616070eca6b64eee95263a
  • SSDEEP: 98304:w0tW38+YVPtZKfQgIGCLOUvACxzWX9hkm4q5ANf9IuTD8ELTo6EWdjCc2Jd:5t08P/Z6/IGC6UvACxzW/55AJmu/8ELQ

Malware Config

Extracted

  • Family: redline
  • C2: 185.196.9.26:6302

Targets

    • Target: run_exe/BIN/Qt5QuickTemplates2.dll
    • Size: 2.1MB
    • MD5: cfda5807a7446493f56accc25dd13b01
    • SHA1: ab3630fc5d506d3946a2224da743a386c8d41b21
    • SHA256: 6c6a4d1b7428704d9ab0ee38661aab7e5ee0c848907172168bd3d012a8fa89eb
    • SHA512: 7050f336b15dedf36e384a9142e6ba5639490cbd6a57e0eabdc5c1c58c6e2e6253705a18e1ffa5bdc84e908e96e623f33013fabde26087f38aa551033328b936
    • SSDEEP: 49152:FT5FZhsNkcShLPrucHq1t2luVUQ9NREvQIkrMDU5uv5MUv8g8M8P+C3YADThbIK0:FT5FZhsNkcShLPrucH2t2luVUQ9NREv/
    • Score: 3/10

    • Target: run_exe/BIN/libeay32.dll
    • Size: 2.1MB
    • MD5: 9c8b228d392411aeec50905c2d80cf5d
    • SHA1: 54a8d6ec44a8e11a3e232ad63b006b5c1394d6b2
    • SHA256: 2c125702a00050b7175befb29e58749c8b63e33d51e6093ac04175c303084a83
    • SHA512: b993b094174f5564ae4e0f3c333c61ad2d57857761c60273c0d0681845e457ffa7df8bcb61f0c8dcccd12ba702457c610f742879abd339780bc5de805ddc1f69
    • SSDEEP: 49152:RGqv0LS1e33J+UMFMVDfC/QZG9WUQmCRD75AArD/0lTrWrTZ3BGTy:RGy0LS1oJ+UMFMVDfC/QZG9WUQxRD75l
    • Score: 3/10

    • Target: run_exe/BIN/qtANGLE.dll
    • Size: 3.4MB
    • MD5: 096b8fb51783aabd26c5e433f4de1ddc
    • SHA1: c1d0ca578862975a09aff9301d031bc7638f154c
    • SHA256: 27e4d8f8e47f25f9b8d45cb53a3321a6cc3bd49604233bd1878421114d27bbee
    • SHA512: 7d5c5b9d903a1c26559aaee2af8d839e86d93c9df2f79e741756536e81c96f27331a3ceb4586046d3bb5e9afd25ffeac552d7cce50b99016603d04c6feb81ce4
    • SSDEEP: 49152:asUPqecKzpO8nYQb5DSa3uLmeipCecmFdm044mSXaaqWc3NRryG3wTyP0:asU9P48YQes
    • Score: 1/10

    • Target: run_exe/by_execute.exe
    • Size: 310KB
    • MD5: ffc167fe4bb8867545b207b98445ef06
    • SHA1: fd0ee23647aba5ba511813a08b083594d8318c38
    • SHA256: 3cbfe1436db51d0ed707f6a2beaf834561e2ff62e1cd91ed3f46021aeaf26ad6
    • SHA512: c3b554384aa57258079870be27b083955bf757cd24b68ccebc3abf95622f0f965c0351b1ca804fd5f17510f369f4fb9183e08ee7e15cffcbaf4bd6b2fbef29e0
    • SSDEEP: 6144:cOE+KwEG34Q7U8k0p4ph+ZiKicfjq060hl3qLiqGaJDnRzIui:cZ+KrG34f8zHjiP066pOiqGaNq

    Signatures

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext


    • Target: run_exe/cjoc.dll
    • Size: 1.3MB
    • MD5: 679334394f9787e7d59f1589055738f4
    • SHA1: b34039f64d039cee7f0420d6f0be0d415e42b8ec
    • SHA256: af7ba939552780e0e19b23fe52a6b033037d403254f2e4acdbc9bb8ad07d963b
    • SHA512: 735d1df3528c09e7c45439fabd94ac9ac6ff7c048cab7d9bd02fe9c517ee086a2ff8041163d8335ae8dde4bc62801ed84e8aee10e066814330d4b414e0b420ca
    • SSDEEP: 24576:Xy6OLvfihuIXRaVoJl4vPTH8GO4j+kMC8Q/rf+ZPoS:XsLvfi0+RaVoJ+bH834wCxDb
    • Score: 1/10

    • Target: run_exe/djua.dll
    • Size: 193KB
    • MD5: ee3870b006693518056a48e4717e972b
    • SHA1: 2a8b6e909418f5ce254f78eaf0160b006536174a
    • SHA256: 05899d1ceb01c37fa429b08b8379397383b6b1fafac814b9e8112c3a88672550
    • SHA512: 09f3c6b75ff74c0023548886cef318716a6c27e1798ba80440207247628aa9c3bf84f696a0593ff1f0fe027838cffbb92c4fc3d7d7fde6c445955838cd97c124
    • SSDEEP: 3072:cmZyGOfZQ2G567t8EWPMpSS4cIc5JHSjCZmYnvksnV1D55Ct7wAjtrWccMrXac9y:cmFyO2GsUMpIc5JMessnfCt0oxrXac
    • Score: 1/10

    • Target: run_exe/lua51.dll
    • Size: 447KB
    • MD5: d92adcfc23cb2f0c7c45b324ca105205
    • SHA1: 787b9424f90e5c41b3ac6f9510f68999f65ee4c0
    • SHA256: 4a365476d0fdbb412e30ade5aba8b5cb6dcf1799971a1147ffdf13f00276c424
    • SHA512: 5cfa6397f474d40a42dffbb20681c436450f6d9ace61dabb9839867cc3425ae1cc41ea850bd8c67c6536ce805cebf2ddb534bee20b880231162e52bec6f408eb
    • SSDEEP: 6144:orpfSN1l88pAViiJEwWcV3iQKvjRp5IzUJy7QnSnVDGX3XPsNskQC3a5akN7Z1zN:UpfQyiAdKvjdAU4UuFkYssq7+VM
    • Score: 1/10

    • Target: run_exe/source/msdasql.dll
    • Size: 750KB
    • MD5: dc1ec1f2f80a52b2f06ad24cf22a8e3e
    • SHA1: eebab08a4e61efe9c9cca1cd4672b0597d499d34
    • SHA256: f6f345cf3a50234645d0873d93c40f7c8120ec7c2e2c86642a57c650d4b01b88
    • SHA512: 64be5feca9ce8f43fe5c07e6d14b2a3db94dd418d40b7781064f5e4df63285d529b29d00471352b92754955c492be3bb13722ba980b364175f42d5e739d9b858
    • SSDEEP: 12288:WQA9YZJmJ3oRGis/tYkuI6vWGaTg/JNEt6xVLD18SqFS+:/fkoGH/tYeuN/Jat6zDR+
    • Score: 1/10

    • Target: run_exe/sqlxmlx.dll
    • Size: 323KB
    • MD5: afcf95ef9417795d5c90ea119313e33e
    • SHA1: 03bf8cd89f79531a97adb895e096466168fb4421
    • SHA256: 3cc80ab270bf8c7bb0587bb88b6e9752e965fc5772a4e7365bb4cbe1ea956269
    • SHA512: c11f4b94e02e0f8ce04ae61a6e57185eef100c7c7a417153ac17e0dd1059172027dd179c3972e5eb44751329fe8f47bd52733afdeb19cc3c8dc553fd843e4401
    • SSDEEP: 6144:Ki/cEhU71shm7tmkRtE6KT8UPV1IVx6jpE:rcEhUahm7t/O/8UncO
    • Score: 1/10

MITRE ATT&CK Enterprise v15